Add the policy for checking AWS secret and access key in Instance User data. #358
Comments
@cesar-rodriguez is there any guide on how to contribute to terrascan policies? I wrote an OPA for the above misconfiguration. However, if there is any guide to contribute, I would love to know.
Hi @harkirat22. We still need to add better documentation on how to contribute policies, but a good place to get started is this comment from @williepaul: #326 (comment). Here's also a policy-only PR that was recently merged you could use as a reference: #350. Feel free to comment here if you get stuck or have any questions. Looking forward to your contribution!
@cesar-rodriguez. Yup sure, I will have a look at that. I have written OPA policies and ran them on terraform plan converted to JSON format. I will write the same as per terrascan format.
@cesar-rodriguez @williepaul, I wrote the policy for this issue. Please have a look; afterwards, I will create a pull request.
package accurics }
Looks good @harkirat22! No need to include rc for this. Thanks!
@harkirat22, can we close this issue? Is there any action pending on this one?
Example:
user_data = <<EOF
#! /bin/bash
sudo apt-get update
export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMAAA
export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMAAAKEY
export AWS_DEFAULT_REGION=us-west-2
EOF
I deliberately ran the above; terrascan did not detect this violation. Later, I checked the rego policies of terrascan and found there is no such policy for checking the above violation.
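As an added example (not the policy written for this issue and not a policy shipped by terrascan), a Rego rule in terrascan's policy style that flags an aws_instance whose user_data carries an AWS access key id or a secret access key assignment. The input shape (input.aws_instance[_] with .id and .config) and the {{.prefix}}{{.name}}{{.suffix}} rule name are assumed from terrascan's policy format; the two regexes are the author's own choice.

```rego
package accurics

# Added example, not terrascan's shipped policy.
# Assumption: terrascan feeds resources as input.<resource_type>[_],
# each with an .id and a .config holding the HCL attributes.

# AWS access key ids are "AKIA" followed by 16 upper-case alphanumerics.
access_key_pattern := `AKIA[0-9A-Z]{16}`

# A secret key assignment in a shell script: the variable name, "=",
# then a 40-character base64-like value (with or without quotes).
secret_key_pattern := `AWS_SECRET_ACCESS_KEY\s*=\s*["']?[A-Za-z0-9/+=]{40}`

# Rule name is rendered from the policy's JSON metadata by terrascan.
{{.prefix}}{{.name}}{{.suffix}}[retVal] {
    instance := input.aws_instance[_]
    ud := instance.config.user_data
    leaked_credential(ud)
    retVal := {
        "Id": instance.id,
        "ReplaceType": "edit",
        "CodeType": "attribute",
        "Traverse": "user_data",
        "Attribute": "user_data",
        "AttributeDataType": "string",
        "Expected": "user_data without AWS credentials",
        # Do not echo the matched value: the finding itself must not leak it.
        "Actual": "user_data contains an AWS access key id or secret access key",
    }
}

# Either pattern alone is enough to raise the finding.
leaked_credential(ud) {
    regex.match(access_key_pattern, ud)
}

leaked_credential(ud) {
    regex.match(secret_key_pattern, ud)
}
```

Against the user_data heredoc above, both clauses of leaked_credential match; a script that only exports AWS_DEFAULT_REGION matches neither, so no finding is produced.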